There has never been a more important time to protect one’s accounts from cybercrime, than ever before. Sometimes, a username and password is not enough, you need an extra layer. This extra layer goes by two-factor authentication (2FA) and it’s a huge help in protecting your online accounts. We have many types of 2FA on …
I don’t know how I ended up with so many Yubikeys, but I guess it’s to be expected with how much I like digital security. As I was sorting through them, figuring out which ones to keep and which ones to give away, a question popped into my head. If I give Yubikeys to family …
Storing your 2FA TOTP tokens in your password manager has become a hotly debated topic. In a perfect world, you should NOT keep your 2FA tokens in your password manager. But we don’t live in that world, and the honest answer is a lot more nuanced. And for most people, keeping your 2FA tokens in …
To understand why we don’t need SMS 2FA, we’ll order the factors from least secure to most secure. Password Password + SMS 2FA Password + Authenticator App Unique Password Unique Password + U2F *A unique password is a reasonable length, random, and never reused password. Password – Affected by phishing attacks, credential stuffing attacks, malware, and brute force …
A common trend I see is the rush to turn on 2FA like Google Authenticator and Authy, but do people understand why it’s so effective? Google Authenticator and Authy are TOTP (Time-based One-time Password) 2FA. I’m going to show you what makes TOTP 2FA so effective and why this matters. How TOTP 2FA Works When …
We don’t need SMS 2FA. I’m going to break down why we don’t need SMS 2FA and give you a replacement that is not only better but cheaper and easier too. What Is SMS 2FA? Hopefully, if you’re reading this, you have a good understanding of SMS 2FA. If you don’t, SMS 2FA is the …